Processing in web applications happens both on the server side and the client side. The latter is often used to do things related to how information is presented to the user; also, input validation and some authorization tasks are performed client-side. When these validation and authorization checks are not reinforced by a similar server-side process, we may face a security problem, as client-side information and processing is easily manipulable by users.
In this recipe, we will see a couple of situations where a malicious user can take advantage of client-side controls that are not backed up by server-side counterparts.
